The public key of a certificate can be used to encrypt another key for
subsequent communication.

This happens during a TLS handshake that uses RSA key exchange (TLS 1.2 and
earlier; TLS 1.3 dropped this mode entirely).

The connecting party knows the other party's public key, so it can send
encrypted data that only the holder of the certificate's private key can
decipher.

But public-key encryption is slow and its keys are big (RSA private keys should
be 2048 to 4096 bits), so the parties agree on a symmetric cipher instead: it
uses the same key for encryption and decryption, is much faster and offers
comparable security with far smaller keys (128 or 256 bits).

With RSA key exchange the client picks a random secret (the premaster secret in
TLS 1.2), encrypts it with the public key of the certificate and sends it to the
server; both sides then derive the symmetric session keys from it. As only the
certificate owner can decrypt it, the symmetric key remains a secret only the
two parties know of. The weakness of this approach is that it has no forward
secrecy: anyone who records the handshake and later obtains the certificate's
private key can decrypt the premaster secret and with it every recorded session.

Alternatively the key can be agreed with an ephemeral Diffie-Hellman key
exchange (DHE, or ECDHE on elliptic curves).

Here the certificate's public key is not used to encrypt anything. Each side
generates a fresh, one-time DH key pair, and the server signs its public share
with the private key of its certificate so the client can verify that the share
really comes from the certificate owner. Both sides then compute the same shared
secret from their own private share and the other side's public share; the
secret itself never crosses the wire. Because the DH keys are discarded after
the handshake, a later compromise of the certificate's private key does not
expose past sessions (forward secrecy), which is why TLS 1.3 allows only this
family of key exchanges. The goal remains the same: share a key with the other
party which can then be used to securely encrypt the actual communication data.
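As an added example (not part of the original page), the following Python toy
models both approaches described above: RSA key transport, and ephemeral
Diffie-Hellman where the certificate key only signs the server's share. It uses
textbook RSA without padding and a 256-bit DH prime built inline, so it shows
the key-exchange logic only, not the real TLS messages or any library's API;
every parameter is far too small for real use. The function names
(rsa_key_transport, dhe_key_agreement, kdf and so on) are the example's own. It
also demonstrates the forward-secrecy difference: the RSA ciphertext recorded
from the wire is recoverable by whoever later obtains the certificate's private
key, while the DHE transcript gives that attacker nothing to decrypt.

```python
# Added example, not from the original page: toy RSA key transport vs. ephemeral
# Diffie-Hellman. Textbook RSA (unpadded) and a 256-bit DH prime, illustration only.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2           # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random odd prime with exactly `bits` bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits=512):
    """Toy RSA key pair ((e, n), (d, n)); real keys are 2048-4096 bits."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                     # e is prime, so gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_encrypt(pub, m):
    return pow(m, pub[0], pub[1])

def rsa_decrypt(priv, c):
    return pow(c, priv[0], priv[1])

def rsa_sign(priv, data):
    """Textbook signature: private-key operation on the SHA-256 digest (toy, unpadded)."""
    return rsa_decrypt(priv, int.from_bytes(hashlib.sha256(data).digest(), "big"))

def rsa_verify(pub, data, sig):
    return rsa_encrypt(pub, sig) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def kdf(shared_secret, label):
    """Derive a 128-bit session key from the shared secret (HMAC-SHA256, HKDF-like)."""
    ikm = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hmac.new(b"toy-handshake", ikm + label, hashlib.sha256).digest()[:16]

def rsa_key_transport(server_pub, server_priv):
    """RSA key exchange: the client's random secret crosses the wire encrypted
    to the certificate's public key. Returns (client_key, server_key, wire)."""
    client_secret = secrets.randbits(128)
    wire = rsa_encrypt(server_pub, client_secret)  # what an eavesdropper records
    server_secret = rsa_decrypt(server_priv, wire)
    return kdf(client_secret, b"rsa"), kdf(server_secret, b"rsa"), wire

def dhe_key_agreement(p, g, server_pub, server_priv):
    """Ephemeral DH: fresh one-time exponents; the certificate key only signs
    the server's share. Returns (client_key, server_key, signature_ok, transcript)."""
    a = secrets.randbelow(p - 2) + 1               # client ephemeral secret
    b = secrets.randbelow(p - 2) + 1               # server ephemeral secret
    A, B = pow(g, a, p), pow(g, b, p)              # public shares, sent in the clear
    transcript = A.to_bytes(32, "big") + B.to_bytes(32, "big")
    sig = rsa_sign(server_priv, transcript)        # proves B came from the cert owner
    ok = rsa_verify(server_pub, transcript, sig)
    return kdf(pow(B, a, p), b"dhe"), kdf(pow(A, b, p), b"dhe"), ok, (A, B, sig)

def demo():
    server_pub, server_priv = rsa_keygen(512)
    c_key, s_key, wire = rsa_key_transport(server_pub, server_priv)
    # Attacker recorded `wire`, then later steals the certificate's private key:
    recovered = kdf(rsa_decrypt(server_priv, wire), b"rsa")
    p, g = random_prime(256), 2                    # toy group (not a safe prime)
    dc_key, ds_key, sig_ok, _ = dhe_key_agreement(p, g, server_pub, server_priv)
    return {
        "rsa_keys_match": c_key == s_key,
        "rsa_session_exposed_by_leaked_cert_key": recovered == c_key,
        "dhe_keys_match": dc_key == ds_key,
        "dhe_share_signature_valid": sig_ok,
        # The DHE transcript holds only g^a, g^b and a signature: the leaked
        # certificate key lets the attacker forge future shares, not recover a or b.
    }

if __name__ == "__main__":
    print(demo())
```

Running demo() prints four True values. The first two show that RSA key
transport works but leaves every recorded session at the mercy of the
certificate's private key; the last two show that DHE yields the same key on
both sides while the certificate key is only ever used to sign the share.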